Adding Paloalto Firewall as Custom Action Device

In the Logsign USO Platform web interface, go to Settings -> Integrations -> Responses.

Then click on the + Device button in the top right corner of the page. A window titled Add Device will appear.

 

Vendor: Select PaloAlto as the vendor.

Host: The IP address of the PaloAlto device/product to be integrated with Logsign USO Platform.

Key: The API key that links the Logsign USO Platform to the PaloAlto device/product. If you click the question mark at the end of the line, an informative text appears at the bottom of the window containing http(s)://HOST_ADDRESS/api/?type=keygen&user=USER_NAME&password=PASSWORD. Copy it and paste it into the address bar of your internet browser.

You then need to change a few parameters in the link.

Edit the link as in the following example, then press Enter: http://10.10.X.XXX/api/?type=keygen&user=admin&password=admin

The response shows the key between the <key> and </key> tags. Copy the key without any spaces and paste it into the Key field of the Add Device window.

Virtual System: The Logsign USO Platform uses Vsys1 by default.

Protocol: Determine the protocol over which the connection will be made.

After filling in the required information, click the Save button to save the settings.
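
The key retrieval step above can also be scripted. The following is an added example, not part of the Logsign article or of either product: it sends the same type=keygen request with the credentials in a POST body instead of the URL, so the password does not end up in browser history or URL logs, and it extracts the key from the XML response without surrounding whitespace. The host name, account name, password and sample responses are constructed, and refusing plain http is a choice made in this example.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample responses in the shape returned for type=keygen.
SAMPLE_OK = '<response status="success"><result><key>\n  EXAMPLEKEY0123456789abcdef==\n</key></result></response>'
SAMPLE_ERR = '<response status="error" code="403"><result><msg>Invalid credentials.</msg></result></response>'


def build_keygen_request(host, user, password, scheme="https"):
    """Build a keygen request that carries the credentials in the POST body."""
    if scheme != "https":
        raise ValueError("refusing to send firewall credentials over " + scheme)
    body = urllib.parse.urlencode({"user": user, "password": password}).encode()
    return urllib.request.Request(
        f"{scheme}://{host}/api/?type=keygen",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def extract_key(xml_text):
    """Return the API key from a keygen response, stripped of whitespace."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        msg = root.findtext("./result/msg", default="no message").strip()
        raise RuntimeError(f"keygen failed (code {root.get('code')}): {msg}")
    key = (root.findtext("./result/key") or "").strip()
    if not key or any(c.isspace() for c in key):
        raise ValueError("response did not contain a usable <key> value")
    return key


def fetch_key(host, user, password):
    """Request the key from the firewall (needs network access; not run below)."""
    req = build_keygen_request(host, user, password)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_key(resp.read().decode())


if __name__ == "__main__":
    req = build_keygen_request("fw.example.internal", "logsign-api", "constructed-password")
    print(req.get_method(), req.full_url)  # the credentials are not in the URL
    print(extract_key(SAMPLE_OK))
```
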

The next step is to create, on the PaloAlto security device/product, the address group that the Logsign USO Platform will act on.

Once you have reached the PaloAlto security device/product via your internet browser, click Objects -> Address Groups in the menu bar. The address group that you want to take action on should be configured as follows.

Name: Enter a name for the address group. This example uses BlockedUsers.

Type: Choose the Dynamic option so that the list is updated as events occur.

Match: Enter the match value for the action to be taken. Set it to 'block'.

Then click the OK button to save the settings.

The next step is to create a rule for the action device. Click the Add Rule button on the same page.

On the page that opens, fill in the details of the address group you created on the PaloAlto security device/product so that it is defined in the Logsign USO Platform.

Vendor: The vendor is selected automatically for operations on Palo Alto.

Group Name: Enter the name of the address group that you created on the PaloAlto security device/product. This example uses BlockedUsers.

Match Key: Specify which command the address group you created on the PaloAlto security device/product will take action against.

Expire Time: Sets how long the rule remains valid. This example uses Permanently because the rule should be permanent.

Then click the Save button to save the rule.

You need to connect the security policy that you created for your PaloAlto security device/product to the BlockedUsers address group.

After accessing the PaloAlto security device/product via your internet browser, click Policies -> Security in the menu bar to configure the security policy that you created.

 
